api: user: add realmtype to user list

this makes it much easier to determine if a user can e.g.
change a password or tfa, based on realm

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 05de57f37d4155078b30cfd646bb7457732a5940..f1249a8cbdea650111906a8616bd3f8874334a5b 100644 (file)
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -149,7 +149,11 @@ __PACKAGE__->register_method ({
                    items => $token_info_extend->({
                        tokenid => get_standard_option('token-subid'),
                    }),
-               }
+               },
+               realmtype => {
+                   type => 'string',
+                   description => 'The type of the users realm',
+               },
            },
        },
        links => [ { rel => 'child', href => "{userid}" } ],
@@ -161,6 +165,9 @@ __PACKAGE__->register_method ({
        my $usercfg = $rpcenv->{user_cfg};
        my $authuser = $rpcenv->get_user();
 
+       my $domainscfg = cfs_read_file('domains.cfg');
+       my $domainids = $domainscfg->{ids};
+
        my $res = [];
 
        my $privs = [ 'User.Modify', 'Sys.Audit' ];
@@ -184,6 +191,12 @@ __PACKAGE__->register_method ({
            $entry->{tokens} = [ map { { tokenid => $_, %{$entry->{tokens}->{$_}} } } sort keys %{$entry->{tokens}} ]
                if defined($entry->{tokens});
 
+           my (undef, undef, $realm) = PVE::AccessControl::verify_username($user, 1);
+
+           if (defined($realm) && $domainids->{$realm}) {
+               $entry->{realmtype} = $domainids->{$realm}->{type};
+           }
+
            $entry->{userid} = $user;
            push @$res, $entry;
        }